Inside the Ink

Update: Facebook Breach Information is Now For Sale on the Dark Web

Update, October 4, 2018: Our cybersecurity division has confirmed that the individual account information associated with the Facebook breach is now being sold on popular Dark Web markets for $3 to $12. In comparison, a database of 2 million users is typically sold on the Dark Web for about $30. This means the infamous hackers could see an unusual payday of $150 to $600 million.

While numerous popular vendors and hacker alias’ have obtained this information, the exact nature of how and who compromised Facebook is still unknown. Now that the information has surfaced, the affected individuals should watch for identity theft and black mail for an indefinite amount of time.

Read the latest Week in Breachto learn more about this cyber-attack and a quantitative analysis of the risk to individuals and associated businesses.

What you need to know now, and what you should share with your customers today.

Earlier this morning, Facebook announced that 50+ million user accounts were affected by a security breach. The attacker exploited two bugs in the website’s ‘view as‘ feature, which shows the user how their page is displayed to others. According to the Dark Web chat rooms monitored by ID Agent: DOBs, education, hometown locations, and more, were gathered from these pages. Facebook has announced that they believe financial information was not accessed and they have since made the necessary patches.

Ninety million users of the social media platform were logged out on Friday September 28, 2018. They received a notification: "Your privacy and security are important to us," the update reads. "We want to let you know about recent action we've taken to secure your account…"

At this time, no Dark Web hackers or whistleblowers are associating themselves with the breach, and there hasn’t been any mentions of leaked data in chatrooms/forums. Public Dark Web forums are mute as well. ID Agent is continuously monitoring the situation, as the hacker group is most likely compiling this information to be immediately sold on the Dark Web, which could then be redistributed on numerous private and public data dumps websites.

In the meantime, all Facebook users should change their passwords immediately, do a device audit, and turn on two factor authentication.